In today's society, computer software, as well as other digital content, has become extremely valuable. Unfortunately, due to the abilities of the computers upon which computer software is installed, computer software may be easily pirated. According to recent studies, losses resulting from pirated software in the United States are estimated in the billions of dollars each year. In response, software companies have responded with various anti-piracy measures to prevent such losses. Unfortunately, current efforts aimed at preventing these losses have been only marginally successful.
One current anti-piracy measure involves the use of installation keys. Content is delivered to a user on installation media in an installable format referred to as an installation image. The content is installed from the installation image via an installation process. The installation process is enabled and installs the content only when a valid installation key is presented. Thus, using a supplied installation key, the software, or other digital content, may be installed on a computer.
Currently, most software applications are delivered on mass-produced CD-ROMs. Accompanying the CD-ROM is an installation key that the user must manually enter during the installation process. The installation key is typically printed on a label and placed on printed material accompanying the CD-ROM. Installation keys represent encrypted tokens. The installation program decrypts the manually entered installation key to determine whether the key is a genuine, valid key. Incorrectly entering the installation key is interpreted as an invalid installation key and the installation process is aborted. However, if the installation key is genuine, and if the user correctly enters the installation key, the installation process continues with installing the computer software. Thus, it is essential that the installation key be properly entered.
Because the installation keys that are currently used must be manually entered through a keyboard by the user, they must be short, and therefore, are relatively weak in terms of their ability to be hacked or forged. However, shorter keys are used because studies have shown that the longer the installation key, the greater the user frustration becomes from entering it, and the more likely the user will err while entering the key. In today's competitive market, it is imperative to minimize user frustration and maximize accuracy in entering the installation key. Thus, to ensure a positive experience on the user's part, software vendors are forced to limit the length of installation keys, typically to under 30 characters. Unfortunately, the length of the installation key typically corresponds to the ease with which an installation key may be forged. Forged installation keys are a primary reason that current anti-piracy measures enjoy only limited success.
By increasing the length of the installation keys, and in particular the cryptographic bits of the installation keys, vendors could create installation keys sufficiently strong to prevent their forgery. For purposes of this discussion, a strong installation key is one that is not susceptible to encryption breaking processes using current or near future computer processing power. Taking into account the current processing power of computers today and the near future, a sufficiently strong installation key would include at least 512-bits of cryptographic data. A 512-bit cryptographic key roughly equates to 300 characters, about ten times the 30-character limit used today. However, requiring a user to manually enter a 300-character installation key is simply unreasonable.
One solution to this problem is proposed in the co-pending application “System and Method for Individualizing Installation Media,” U.S. patent application Ser. No. 10/463,559, filed Jun. 16, 2003, which is incorporated herein by reference. According to this proposed solution, strong installation keys are written to the installation media in a computer-readable format. A strong installation key is one that is not susceptible to encryption breaking processes, taking into account current or near future computer processing power. For example, a sufficiently strong installation key may include at least 512-bits of cryptographic data. Instead of the user entering the installation key, the installation process reads the strong installation key from the installation media. Thus, long, and therefore strong, installation keys may be used without the problems associated with user generated input errors. Unfortunately, if pirates cannot forge counterfeit installation keys, they will likely turn to stealing genuine keys.
As previously mentioned, the installation media is typically mass-produced. Moreover, in order to minimize costs, content providers turn to third-party production facilities to mass-produce the media. Thus, genuine installation keys must be delivered to these third parties in order to place the keys on the installation media. This represents a weakness that may be exploited by thieves, stealing the genuine installation keys, either during their transit from the software vendor to the production facility, or while stored at the production facility.
Accordingly, the prior art lacks a system for delivering strong installation keys from a software vendor to an individualization device at a production facility in a secure manner. As will be discussed below, the present invention addresses this and other aspects currently lacking in the prior art.